Talk:Kerberos: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
(New page: {{subpages}})
 
imported>David MacQuigg
No edit summary
Line 1: Line 1:
{{subpages}}
{{subpages}}
I just changed the definition to reflect what I think are the key points about this protocol.  I'm not an expert in Kerberos, but it looks to me like it has no advantage over a public-key system, and a few serious disadvantages.  I'm thinking of adding to the article something like the following paragraph, but I would like to get some feedback first.
:Kerberos has largely been replaced by public-key systems.  Both have the objective of providing a secret session key to allow encrypted communications between two clients.  Both need a central server, one to distribute public keys for each client, the other to hold secret keys for each client.  The server with secret keys for all clients must be very secure, much more than is required for the server holding only the public keys of all clients.
See http://en.wikipedia.org/wiki/Kerberos_(protocol)#Drawbacks for more on the disadvantages of Kerberos.
"Authentication Protocols", section 8.3 in Peterson & Davie, Computer Networks, 4th ed. (Morgan Kaufmann, 2007).<br />
"Authentication Protocols", section 8.7 in Tanenbaum, Computer Networks, 4th ed. (Prentice Hall, 2003).<br />
"Authentication and Authorization Controls", R. Bragg, chapter 6 in Network Security: The Complete Reference (McGraw-Hill, 2004).<br />
--[[User:David MacQuigg|David MacQuigg]] 17:12, 25 November 2009 (UTC)

Revision as of 11:12, 25 November 2009

This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
To learn how to update the categories for this article, see here. To update categories, edit the metadata template.
 Definition A protocol using a central server to provide two clients with a shared session key, without either client having to publish a public key. [d] [e]
Checklist and Archives
 Workgroup category Computers [Categories OK]
 Subgroup category:  Security
 Talk Archive none  English language variant American English

I just changed the definition to reflect what I think are the key points about this protocol. I'm not an expert in Kerberos, but it looks to me like it has no advantage over a public-key system, and a few serious disadvantages. I'm thinking of adding to the article something like the following paragraph, but I would like to get some feedback first.

Kerberos has largely been replaced by public-key systems. Both have the objective of providing a secret session key to allow encrypted communications between two clients. Both need a central server, one to distribute public keys for each client, the other to hold secret keys for each client. The server with secret keys for all clients must be very secure, much more than is required for the server holding only the public keys of all clients.

See http://en.wikipedia.org/wiki/Kerberos_(protocol)#Drawbacks for more on the disadvantages of Kerberos.

"Authentication Protocols", section 8.3 in Peterson & Davie, Computer Networks, 4th ed. (Morgan Kaufmann, 2007).
"Authentication Protocols", section 8.7 in Tanenbaum, Computer Networks, 4th ed. (Prentice Hall, 2003).
"Authentication and Authorization Controls", R. Bragg, chapter 6 in Network Security: The Complete Reference (McGraw-Hill, 2004).
--David MacQuigg 17:12, 25 November 2009 (UTC)